Project

General

Profile

06_all_lighttpd-1.4.19-closing_foreign_ssl_connections-dos.diff

alternative, hopefully better patch (against 1.4.19, not svn!) - hoffie, 2008-03-26 23:13

View differences:

lighttpd-1.4.19/NEWS 2008-03-26 23:58:55.069421258 +0100
8 8
  * added support for If-Range: <date> (#1346)
9 9
  * added support for matching $HTTP["scheme"] in configs
10 10
  * fixed initgroups() called after chroot (#1384)
11
  * Fix #285 again: read error after SSL_shutdown (thx marton.illes@balabit.com) and clear the error queue before some other calls
11 12
  * fixed case-sensitive check for Auth-Method (#1456)
12 13
  * execute fcgi app without /bin/sh if used as argument to spawn-fcgi (#1428)
13 14
  * fixed a bug that made /-prefixed extensions being handled also when
lighttpd-1.4.19/src/connections.c 2008-03-27 00:00:07.882498846 +0100
199 199

  
200 200
	/* don't resize the buffer if we were in SSL_ERROR_WANT_* */
201 201

  
202
	ERR_clear_error();
202 203
	do {
203 204
		if (!con->ssl_error_want_reuse_buffer) {
204 205
			b = buffer_init();
......
1669 1670
#ifdef USE_OPENSSL
1670 1671
			if (srv_sock->is_ssl) {
1671 1672
				int ret;
1673
				ERR_clear_error();
1672 1674
				switch ((ret = SSL_shutdown(con->ssl))) {
1673 1675
				case 1:
1674 1676
					/* ok */
1675 1677
					break;
1676 1678
				case 0:
1679
					ERR_clear_error();
1677 1680
					SSL_shutdown(con->ssl);
1678 1681
					break;
1679 1682
				default:
lighttpd-1.4.19/src/network_openssl.c 2008-03-26 23:58:55.096421297 +0100
85 85
			 *
86 86
			 */
87 87

  
88
			ERR_clear_error();
88 89
			if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
89 90
				unsigned long err;
90 91

  
......
187 188

  
188 189
				close(ifd);
189 190

  
191
				ERR_clear_error();
190 192
				if ((r = SSL_write(ssl, s, toSend)) <= 0) {
191 193
					unsigned long err;
192 194